I had this idea for some time and I'd like to discuss it to see if it is
something reasonable to be proposed for rust to implement or there are
other ways around the problem.
Let's say I have a low level function that manipulates the hardware clock
using some platform-specific argument. Internally this function will do an
unsafe volatile mem write to store value in the register, but this is the
only part of the code that is unsafe compiler-wise, whatever else is in
there in the function is safe and I want the compiler to warn me if any
other unsafe operation happens.
Now, given that this function is actually unsafe in terms of its realtime
consequences (it does not do any validation of the input for speed) I want
to mark it as unsafe fn and make a safer wrapper for end users, while
keeping this for the little subset of users that will need the actual speed
benefits.
Unfortunately, marking it unsafe will now allow any other unsafe operation
in the body of the function, when what I wanted is just to force users of
it to be aware of unsafety via compiler validation.
A safe {} block could have helped me in this case. But is it a good idea
overall?
Some pseudo-code to illustrate
pub unsafe fn set_clock_mode(mode: uint32) {
// ...
// doing some required computations
// this code must be 'safe' for the compiler
unsafe {
// ...
// writing the value to mmaped register, this one is unsafe but
validated by programmer
}
}
pub fn set_clock_mode_safe(mode: uint32) -> bool {
// ...
// validate input
unsafe {
// I want this call to require unsafe block
set_clock_mode(mode);
}
}
--
Sincerely,
Vladimir "Farcaller" Pouzanov
http://farcaller.net/
_______________________________________________
Rust-dev mailing list
Rust-dev@mozilla.org
https://mail.mozilla.org/listinfo/rust-dev
